An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6.
{
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
},
{
"last_affected": "1.0.1"
},
{
"last_affected": "1.0.2"
},
{
"last_affected": "1.0.3"
},
{
"last_affected": "1.0.4"
},
{
"last_affected": "1.0.5"
},
{
"last_affected": "1.0.6"
},
{
"last_affected": "1.0.7"
},
{
"last_affected": "1.1.0"
},
{
"last_affected": "1.1.1"
},
{
"last_affected": "1.1.2"
},
{
"last_affected": "1.1.3"
},
{
"last_affected": "1.1.4"
},
{
"last_affected": "1.1.5"
},
{
"last_affected": "1.1.6"
}
],
"cpe": [
"cpe:2.3:a:jappix_project:jappix:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:jappix_project:jappix:1.1.6:*:*:*:*:*:*:*"
]
}